Security Identifier(SID): GetSID of a user,object using Registry, WMIC, PowerShell

At times, we are in a situation when need to identify the SID of any object. The security identifier (SID) structure is a variable-length structure used to uniquely identify users or groups. For more information Refer here

We have different ways to identify the SID of any object. However, my main objective of writing this blog is to point out the PowerShell option, I will still list out other options.

1. Using PSGetSID

2. By looking at the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

We can look at these registry hives at following path. Each of the item at this hive is named with the SID of the account. By looking at the ProfileImagePath key under specific account’s hive, you can identify the account’s name. Like below, we can see this is for “NetworkService” account.

Also, like below, selected item is for a user named “gaurav” and it’s SID is the name of the hive.

This approach has one limitation which is you can only get the SID of either a local user or a domain user who has logged in at least once onto this machine.

3. WMIC

There is this approach which we can use and will work in all of the cases except on any OS prior to Windows XP. We will use WMI commands to find out the SID of any user within the network. Like below, in the following command, gauravtestMachine is the computer name.

wmic useraccount where (name='administrator' and domain='gauravtestMachine') get name,sid

Name SID administrator S-1-5-21-1976753858-2077894621-3616986626-500

We can run the same command if we want to get the SID of a domain user by replacing domain value with the actual value.

4. Using PowerShell

Since the focus is on PowerShell, I have give a feWe have got yet another option to fetch the SID using the PowerShell command which i think is the most suitable and convenient option. Here is the command. Please remember that this command has to be exactly like this. If you put an extra space, that can cause a problem.

How would you find the name of the RID500 user account (ADSAdministrator) without resorting to something like: Get-WmiObject Win32_Account -Filter “Domain=’$TargetDomain’ and SID Like ‘%-500’ ” which searches all accounts in the domain. Or, to put it another way, how would you find the SID of the domain? (and then append “-500”)